Hacker News

We absolutely agree. HIPAA compliance for startups is only the beginning for us. We're rolling out SOC2 soon and then will use these as a foundation for moving upmarket.

Our end goal isn't to work with startups to automate compliance - we're using this as a launchpad for going upstream in the GRC space.



I have an opinion about that too. It is super competitive and very democratised. Last I checked there were platforms that would charge just $2500 per year for their GRC platform. That's pretty low in my opinion.

As a founder, I'll ask you why not start with the actual value proposition or goal you want to achieve right away. Why are you making your journey very convoluted?


You bet. We get an interesting mix offering Heroku-like deployment with Vanta-style compliance preparation. We're not just an annual subscription-based GRC checklist that passively monitors, we're an active tool that enforces security on a technical front and runs checks every time an engineer git pushes. We also don't charge usage-based fees, so no one is charged an additional 10x of their AWS usage cost, which any large organization would with good reason want to churn.

It's been an effective entry point into the market for us -- establishing a foundation with companies that need to become compliant for the first time and building out core compliance features is a great stepping stone. Lets you work with additional customers while building out your larger product visions.



